Endpoint Security that Doesn’t Slow Down Your Computer

Installing new software impacts the speed and performance of your machine.

Endpoint security is often criticized for being a culprit.

Bromium software not only offers amazing protection but can also free up system resources.

It’s no secret. When you install software on your machine, you expect some type of additional impact on system resources. Security software is no exception. In fact there are a number of blogs on how to tweak endpoint security software to minimize the performance impact.

There are even independent testing houses that evaluate and publish the impact of endpoint security every year. The AV-comparatives report issued this year shows every single security vendor tested had some type of negative impact on system performance. Keep in mind that this is not stress testing, its basic things that you would do day-to-day, like; copying files, installing or uninstalling applications, opening documents and PDF files, or downloading files.

Think back twenty years ago when virtualization did not exist. If someone told you that it was possible to install and run multiple operating systems on the same hardware, simultaneously, you would think they belonged in an asylum. That’s because every additional level of complexity you added, drained the operating power of your computer.

You might think that’s what would happen with virtualization. Over the years, virtualization has changed entire industries. First it delivered server consolidation by enabling multiple servers or desktops to run on a single piece of hardware. Next, it optimized the cloud, allowing us to simply consume the compute, storage, and network resources needed based on demand. And now, in the last few years, it has strengthened security.

The best of both worlds.

Thanks to virtualization, security does not have impact your system performance. In fact, by using virtualization-based security you can actually reduce resource consumption that would normally be used for malicious inspection. Bromium employs micro-virtualization to perform introspection of threats to fully map the kill chain without the need for any signatures.

To draw a comparison I performed a basic test, similar to AV-comparatives, by running a large number of browsers with Bromium enabled and without. The results where intriguing showing improved CPU performance by almost 35% and memory performance by nearly 20%.

The Bromium hypervisor has been tuned for optimal performance delivering hardware-enforced isolation of untrusted task which results in self-defending endpoints. They don’t need to talk back to the cloud for intelligence, it’s all built into our endpoint agent. And because Bromium does not use any signatures, no memory is wasted on signatures lookups. Each endpoint is part of your army in the war against cyber threats; fighting together to protect the enterprise from zero-day or unknown targeted attacks.

How the testing was done.

I conducted the testing on a Windows 7 laptop with an Intel i5 processor with 8GB memory. In both tests I opened 50 tabs in a browser session to simulate a heavy load on the system. Below are some screenshots to show you the difference.

Test 1: Bromium disabled: CPU usage at 76%

Test 2: Bromium enabled: CPU usage at 42%

As you can see from the screenshots with Bromium installed the host is actually using fewer resources to perform the same actions.

Using virtualization makes sense to improve operations and maximize hardware efficiency. It only makes sense to apply virtualization principals to security allowing you to gain the efficiency benefits micro-virtualization brings, and signature-less protection.